The Dos and Don'ts of Using SBOMs for Security

Presented by

Cortez Frazier Jr. | Senior Product Manager, FOSSA

About this talk

The greatest tool in any risk professional's tool belt will always be an accurate and up-to-date asset inventory. SBOMs (software bills of materials) hold significant promise as a means of providing this real-time inventory, but a number of roadblocks can prevent organizations from realizing that potential. Join FOSSA Senior Product Manager Cortez Frazier Jr. in this webinar to learn strategies for successfully leveraging first- and third-party SBOMs in your security program, as well as the common mistakes that prevent organizations from doing so. We'll discuss:

- Processes and workflows for generating SBOMs: when in the SDLC you should generate SBOMs, what information they should include, and how often they should be updated.
- Strategies for getting SBOMs from third-party suppliers: what you should require suppliers to include in their SBOMs, and how they should be transmitted.
- How to integrate SBOM security insights into your security program: how to consolidate data from first- and third-party SBOMs so you can use it effectively, and what the ideal workflows are for security and engineering teams to remediate issues that SBOMs surface.
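Two of the points above, requiring minimum content from supplier SBOMs and consolidating first- and third-party SBOMs into one inventory, come down to a small amount of tooling. The script below is an added example and is not code from the webinar or from FOSSA. It assumes SBOMs arrive as CycloneDX-style JSON with a top-level "components" list, assumes a local acceptance policy that every component must carry a name, a version, a package URL and at least one hash (the field list is my own choice, not something the page specifies), and uses two constructed sample SBOMs embedded inline.

```python
"""Added example (not from the FOSSA webinar): check that an SBOM carries the
fields a security program needs, then merge first- and third-party SBOMs into
one (name, version) inventory.

Assumptions (mine, not the page's): CycloneDX-style JSON with a "components"
list; required per-component fields are name, version, purl and a hash.
Both sample SBOMs below are constructed for this example."""
import json
from typing import Dict, List, Tuple

# Minimum fields we require from a supplier before accepting the SBOM (assumed policy).
REQUIRED_COMPONENT_FIELDS = ("name", "version", "purl")

# Constructed sample: a first-party SBOM generated at build time.
FIRST_PARTY_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "metadata": {"component": {"name": "payments-api", "version": "2.3.0"}},
    "components": [
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0",
         "hashes": [{"alg": "SHA-256", "content": "aa" * 32}]},
        {"name": "urllib3", "version": "2.0.7", "purl": "pkg:pypi/urllib3@2.0.7",
         "hashes": [{"alg": "SHA-256", "content": "bb" * 32}]},
    ],
})

# Constructed sample: a supplier SBOM whose last component lacks a version and a hash.
THIRD_PARTY_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "metadata": {"component": {"name": "vendor-sdk", "version": "1.4.2"}},
    "components": [
        {"name": "urllib3", "version": "1.26.5", "purl": "pkg:pypi/urllib3@1.26.5",
         "hashes": [{"alg": "SHA-256", "content": "cc" * 32}]},
        {"name": "libxml2", "purl": "pkg:generic/libxml2"},  # no version, no hash
    ],
})


def validate_sbom(sbom_json: str) -> List[str]:
    """Return a list of human-readable problems; an empty list means acceptable."""
    doc = json.loads(sbom_json)
    problems: List[str] = []
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("unsupported bomFormat")
    meta = doc.get("metadata", {}).get("component", {})
    if not meta.get("name"):
        problems.append("metadata.component.name missing")
    for idx, comp in enumerate(doc.get("components", [])):
        label = comp.get("name") or f"components[{idx}]"
        for field in REQUIRED_COMPONENT_FIELDS:
            if not comp.get(field):
                problems.append(f"{label}: missing {field}")
        if not comp.get("hashes"):
            problems.append(f"{label}: no hashes; contents cannot be verified")
    return problems


def merge_inventory(*sbom_jsons: str) -> Dict[Tuple[str, str], List[str]]:
    """Map (component name, version) -> list of SBOM root components containing it.

    Version is part of the key on purpose: the same library at two versions is
    two inventory entries, each with its own vulnerability status.
    """
    inventory: Dict[Tuple[str, str], List[str]] = {}
    for sbom_json in sbom_jsons:
        doc = json.loads(sbom_json)
        root = doc["metadata"]["component"]["name"]
        for comp in doc.get("components", []):
            key = (comp.get("name", "?"), comp.get("version", "?"))
            inventory.setdefault(key, []).append(root)
    return inventory


if __name__ == "__main__":
    for name, sbom in (("first-party", FIRST_PARTY_SBOM), ("third-party", THIRD_PARTY_SBOM)):
        print(name, validate_sbom(sbom) or "OK")
    for (comp, ver), roots in sorted(merge_inventory(FIRST_PARTY_SBOM, THIRD_PARTY_SBOM).items()):
        print(f"{comp}@{ver}: {', '.join(roots)}")
```

Run it and the supplier SBOM is flagged twice for libxml2 (no version, no hash), which is exactly the kind of gap that makes a component impossible to match against vulnerability data; the merged inventory keeps urllib3 2.0.7 and urllib3 1.26.5 as separate entries, each traced back to the SBOM that introduced it.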
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.